aboutsummaryrefslogtreecommitdiff
path: root/Config.in.legacy
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2017-06-22 00:07:42 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-06-22 23:25:24 +0200
commit622ff3d6ea63ca7c7aab7e5609cfb1e4190eff8a (patch)
treeacbad80018c369994b820af0d5850710000324e6 /Config.in.legacy
parent6f2c02202308bdae91ce19965e664300e30b2224 (diff)
downloadbuildroot-622ff3d6ea63ca7c7aab7e5609cfb1e4190eff8a.tar.gz
buildroot-622ff3d6ea63ca7c7aab7e5609cfb1e4190eff8a.tar.bz2
spice: security bump to version 0.12.6
Fixes the following security issues: CVE-2015-3247: Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so add Config.in.legacy handling for them. Lz4 is a new optional dependency, so handle it. The spice protocol definition is no longer included and instead used from spice-protocol. The build system uses pkg-config --variable=codegendir to find the build time path of this, which doesn't take our STAGING_DIR prefix into consideration, so it needs some help. The installed protocol definition will likewise be newer than the generated files, so we need to workaround that to ensure they are not regenerated (which needs host python / pyparsing). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'Config.in.legacy')
-rw-r--r--Config.in.legacy16
1 files changed, 16 insertions, 0 deletions
diff --git a/Config.in.legacy b/Config.in.legacy
index dc99b7c2eb..361d331dc9 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,22 @@ endif
###############################################################################
comment "Legacy options removed in 2017.08"
+config BR2_PACKAGE_SPICE_CLIENT
+ bool "spice client support removed"
+ select BR2_LEGACY
+ help
+ Spice client support has been removed upstream. The
+ functionality now lives in the spice-gtk widget and
+ virt-viewer.
+
+config BR2_PACKAGE_SPICE_GUI
+ bool "spice gui support removed"
+ select BR2_LEGACY
+ help
+ Spice gui support has been removed upstream. The
+ functionality now lives in the spice-gtk widget and
+ virt-viewer.
+
config BR2_PACKAGE_SPICE_TUNNEL
bool "spice network redirection removed"
select BR2_LEGACY